Computer system, a telecommunication device and a telecommunication network

ABSTRACT

A telecommunication network 20 configures a telecommunication device 11 and makes and controls communication connections between telecommunication devices. The telecommunication network 20 is configured such that, in use, on initiation of the telecommunication device 11, such as an Internet Protocol telephone or video telephone, a telecommunication device identifier to identify the telecommunication device 11 is output to a computer system or provisioning server 41 via the Internet 10. The computer system 41 receives the telecommunication device identifier and, in response, outputs to the telecommunication device 11, via the Internet 10, an indication of a telecommunication device control system or PBX 12 for use by the telecommunication device 11. The telecommunication device control system 12 is subsequently usable by the telecommunication device 11 to make and control communication connections between the telecommunication device 11 and other telecommunication devices.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims the benefit of U.S. patent application Ser. No.14/034,447, filed Sep. 23, 2013, which claims the benefit of U.S.Provisional Patent Application No. 61/705,990, filed on Sep. 26, 2012,and of United Kingdom Patent Application No. GB1217211.0, filed on Sep.26, 2012. The disclosures of these applications are hereby incorporatedby reference herein in their entireties and made a part of the presentdisclosure.

TECHNICAL FIELD

The present invention relates generally to a computer system, atelecommunication device and a telecommunication network. Embodiments ofthe invention relate to initial configuration of a telecommunicationdevice such as an Internet Protocol (IP) telephone or IP videotelephone.

BACKGROUND

Calls made by telephones and video telephones are controlled by acall-control system or telecommunication device control system that isusually referred to as a PBX. PBX stands for private branch exchange.While the control systems used by modern VOIP (voice over IP) telephonesystems do not exchange anything the term PBX is still commonly used todescribe the controllers that have the same core functionality of PBXsused in public switched telephone networks where the term originated.

Modern VOIP telephones need to know the PBX that they are to use tocontrol calls to and from them. There are several known arrangements forproviding configuration information to such known IP telephony devices.That is to say, to provide the address or an identifier of thecall-control system or telecommunication device control system (PBX) forthe IP telephony network. Provisioning of IP telephones falls broadlyinto three categories, which are described below with reference to FIGS.1 to 3.

FIG. 1 illustrates a known IP telephone 11 on a telecommunicationnetwork which is manually configured with the IP address of the PBX 12in order to establish the call-control connection 13 across the Internet10. In the simple arrangement of FIG. 1 the IP telephone is manuallytold the IP address of the PBX, for example, by a user making anappropriate input using the telephone keypad or the telephone's webinterface.

This mechanism allows no flexibility in changing that IP address at alater time without manually reprovisioning all of an organisation's IPtelephones, it allows very little flexibility about the location of thePBX relative to the telephone and, furthermore, before first using thetelephone a user must make this manual entry, which is often overlycomplex for a typical end-user to perform.

FIG. 2 illustrates a known IP telephone 11 which is on a network where adynamic host configuration protocol (DHCP) server 21 provides the IPaddress of the PBX 12 to the IP telephone at boot time or on start-upvia the Internet 10. In this arrangement, the DHCP server informs allthe IP telephones on a particular local-area network (LAN) of the IPaddress of the PBX. To emphasise, the DHCP server is located on the sameLAN as the IP telephone being configured. This has some advantages ofthe arrangement of FIG. 1 in that it is easy to deploy plural IPtelephones on a single site, but does not work well for multiple sitesor for individual IP telephones, particularly where the IP telephone isbeing connected to a network not managed by the owner of the IPtelephone. It allows some flexibility about the geographical location ofthe PBX relative to the telephone through techniques such asgeographically-aware DNS servers, but it is still complex and cumbersomefor a typical end-user to configure.

FIG. 3 illustrates an IP telephone 11 on a telecommunication networkwhich is manually configured with the domain name system (DNS) name ofthe PBX 12 which it resolves into an IP address using DNS server 31. Thearrangement of FIG. 3 uses a DNS server to provide a single level ofindirection (means to look up an identifier or pointer to get to thedesired destination). The IP telephone is provided with the DNS name ofthe PBX and the IP telephone then locates a DNS server from its networkconfiguration and queries the DNS server for the address of the PBX.This is achieved by a DHCP server or another device on the local network(not shown in FIG. 3) providing the necessary configuration informationto the IP telephone as it boots to allow it to discover the IP addressof the PBX. Geolocation DNS services may be used to provide a differentPBX address based on geographical knowledge about the IP address of thetelephone. This mechanism works for simple systems where there is onlyone PBX or a group of PBXs all belonging to the same organisation andwhich can all accept connections from a telephone belonging to thatorganisation. In other words, it works well for networks that areadministered by the same organisation that own the PBX, it provides foroperation of an IP telephone without pre-configuration, and is easy foran end-user to deploy, but it is not possible to use on an arbitrarynetwork such as a public or home Internet connection which is typicallywhere ease of deployment is particularly advantageous.

SUMMARY

The inventors of the arrangement described below are the first toappreciate that the desirable zero-configuration for the end-user todeploy an IP telephone as received from the manufacturer without themhaving to key in any configuration information, regardless of the natureof the network on which the telephone will be deployed is met byproviding a provisioning server or particular computer system connectedto the IP telephone via the Internet. Embodiments of the provisioningserver or computer system receive from the IP telephone or videotelephone, via the Internet, a telecommunication device identifier toidentify the telecommunication device. In response, the provisioningserver outputs to the telecommunication device, via the Internet, anindication of a telecommunication device control system or PBX for useby the telecommunication device. In this way, the provisioning servermay be owned and managed by a different organisation to the customer oruser of the telephone in order to provide parameterless provisioning forthe telephone regardless of the customer or user.

Embodiments of the computer system provide configuration information toan IP enabled telephone. A newly connected telephone or video telephonedevice may fetch configuration information from a device or devices onthe Internet to enable it to establish communications with an Internettelephony control system or PBX.

Embodiments of the provisioning server or device provide to an IPtelephone or video telephone information about its PBX and othersupporting media systems based on the identity of the telephone, and insome examples, its geographical location, and a preconfiguredassociation between that telephone, the owning organisation and the PBXbelonging to that organisation.

The invention in its various aspects is defined in the independentclaims below to which reference should now be made. Advantageousfeatures are set forth in the dependent claims.

Arrangements are described in more detail below and take the form of atelecommunication network that configures a telecommunication device andmakes and controls communication connections between telecommunicationdevices. The telecommunication network is configured such that, in use,on initiation of the telecommunication device, such as an InternetProtocol telephone or video telephone, a telecommunication deviceidentifier to identify the telecommunication device is output to acomputer system or provisioning server via the Internet. The computersystem receives the telecommunication device identifier and, inresponse, outputs to the telecommunication device, via the Internet, anindication of a telecommunication device control system or PBX for useby the telecommunication device. The telecommunication device controlsystem is subsequently usable by the telecommunication device to makeand control communication connections between the telecommunicationdevice and other telecommunication devices.

In an aspect of the present invention, there is provided a computersystem for providing to a telecommunication device an indication of atelecommunication device control system for use by the telecommunicationdevice, the computer system being configured to connect to the Internetand being further configured to: receive from a telecommunicationdevice, via the Internet, a telecommunication device identifier toidentify the telecommunication device; and output to thetelecommunication device, via the Internet, in response to thetelecommunication device identifier: an indication of atelecommunication device control system for use by the telecommunicationdevice; or an indication of a gateway usable to reach thetelecommunication device control system for use by the telecommunicationdevice; or an indication of another computer system for providing to thetelecommunication device an indication of a telecommunication devicecontrol system for use by the telecommunication device.

In another aspect of the present invention, there is provided atelecommunication device for receiving an indication of atelecommunication device control system for use by the telecommunicationdevice, the telecommunication device being configured to connect to theInternet and being further configured to on initiation: output to acomputer system, via the Internet, a telecommunication device identifierto identify the telecommunication device; and receive from the computersystem, via the Internet, in response to the output of thetelecommunication device identifier: an indication of atelecommunication device control system for use by the telecommunicationdevice; or an indication of a gateway usable to reach thetelecommunication device control system for use by the telecommunicationdevice; or an indication of another computer system for providing to thetelecommunication device an indication of a telecommunication devicecontrol system for use by the telecommunication device.

In a yet further aspect of the present invention, there is provided atelecommunication network for configuring a telecommunication device andmaking and controlling communication connections betweentelecommunication devices, the telecommunication network comprising: atelecommunication device, a computer system for providing to thetelecommunication device an indication of a telecommunication devicecontrol system for use by the telecommunication device, and atelecommunication device control system connected via the Internet; thetelecommunication device being configured to, on initiation: output tothe computer system, via the Internet, a telecommunication deviceidentifier to identify the telecommunication device; and receive fromthe computer system, via the Internet, in response to the output of thetelecommunication device identifier: an indication of atelecommunication device control system for use by the telecommunicationdevice; or an indication of a gateway usable to reach thetelecommunication device control system for use by the telecommunicationdevice; or an indication of another computer system for providing to thetelecommunication device an indication of a telecommunication devicecontrol system for use by the telecommunication device; the computersystem being configured to: receive from the telecommunication device,via the Internet, the telecommunication device identifier to identifythe telecommunication device; and output to the telecommunicationdevice, via the Internet, in response to the telecommunication deviceidentifier: an indication of a telecommunication device control systemfor use by the telecommunication device; or an indication of a gatewayusable to reach the telecommunication device control system for use bythe telecommunication device; or an indication of another computersystem for providing to the telecommunication device an indication of atelecommunication device control system for use by the telecommunicationdevice; and the telecommunication device control system being configuredto make and control communication connections between thetelecommunication device and other telecommunication devices; thetelecommunication network being configured such that, in use, oninitiation of the telecommunication device: a telecommunication deviceidentifier to identify the telecommunication device is output to thecomputer system via the Internet; the computer system receives thetelecommunication device identifier and, in response, via the Internet:an indication of a telecommunication device control system for use bythe telecommunication device, or an indication of a gateway usable toreach the telecommunication device control system for use by thetelecommunication device is output to the telecommunication device, suchthat the telecommunication device control system is subsequently usableto make and control communication connections between thetelecommunication device and other telecommunication devices; or anindication of another computer system for providing to thetelecommunication device an indication of a telecommunication devicecontrol system for use by the telecommunication device is output to thetelecommunication device.

In another aspect of the present invention, there is provided acomputerized method for providing to a telecommunication device anindication of a telecommunication device control system for use by thetelecommunication device, the computerized method comprising: a computersystem receiving from a telecommunication device, via the Internet, atelecommunication device identifier to identify the telecommunicationdevice; and the computer system outputting to the telecommunicationdevice, via the Internet, in response to the telecommunication deviceidentifier: an indication of a telecommunication device control systemfor use by the telecommunication device; or an indication of a gatewayusable to reach the telecommunication device control system for use bythe telecommunication device; or an indication of another computersystem for providing to the telecommunication device an indication of atelecommunication device control system for use by the telecommunicationdevice.

In a yet further aspect of the present invention, there is provided atelecommunication method for receiving an indication of atelecommunication device control system for use by a telecommunicationdevice, the telecommunication method comprising: outputting to acomputer system, via the Internet, a telecommunication device identifierto identify the telecommunication device; and receiving from thecomputer system, via the Internet, in response to the output of thetelecommunication device identifier: an indication of atelecommunication device control system for use by the telecommunicationdevice; or an indication of a gateway usable to reach thetelecommunication device control system for use by the telecommunicationdevice; or an indication of another computer system for providing to thetelecommunication device an indication of a telecommunication devicecontrol system for use by the telecommunication device.

In a still further aspect of the present invention, there is provided amethod of operating a telecommunication network for configuring atelecommunication device and making and controlling communicationconnections between telecommunication devices, the method comprising: oninitiation of a telecommunication device, the telecommunication deviceoutputting to a computer system, via the Internet, a telecommunicationdevice identifier to identify the telecommunication device; the computersystem receiving from the telecommunication device, via the Internet,the telecommunication device identifier to identify thetelecommunication device; the computer system outputting to thetelecommunication device, via the Internet, in response to thetelecommunication device identifier: an indication of atelecommunication device control system for use by the telecommunicationdevice; or an indication of a gateway usable to reach thetelecommunication device control system for use by the telecommunicationdevice; or an indication of another computer system for providing to thetelecommunication device an indication of a telecommunication devicecontrol system for use by the telecommunication device; and thetelecommunication device receiving from the computer system, via theInternet, in response to the output of the telecommunication deviceidentifier: an indication of a telecommunication device control systemfor use by the telecommunication device; or an indication of a gatewayusable to reach the telecommunication device control system for use bythe telecommunication device; or an indication of another computersystem for providing to the telecommunication device an indication of atelecommunication device control system for use by the telecommunicationdevice; wherein the telecommunication device control system makes andcontrols communication connections between the telecommunication deviceand other telecommunication devices.

In a yet further aspect of the present invention, there is provided acomputer-readable medium containing a set of instructions that causes acomputer to perform a method for providing to a telecommunication devicean indication of a telecommunication device control system for use bythe telecommunication device, the method comprising: outputting to atelecommunication device, via the Internet, in response to receiving atelecommunication device identifier from a telecommunication device, viathe Internet: an indication of a telecommunication device control systemfor use by the telecommunication device; or an indication of a gatewayusable to reach the telecommunication device control system for use bythe telecommunication device; or an indication of another computersystem for providing to the telecommunication device an indication of atelecommunication device control system for use by the telecommunicationdevice.

In another aspect of the present invention, there is provided acomputer-readable medium containing a set of instructions that causes atelecommunication device to perform a method of receiving an indicationof a telecommunication device control system for use by thetelecommunication device, the method comprising: outputting to acomputer system, via the Internet, a telecommunication device identifierto identify the telecommunication device; and, in response, receivingfrom the computer system, via the Internet: an indication of atelecommunication device control system for use by the telecommunicationdevice; or an indication of a gateway usable to reach thetelecommunication device control system for use by the telecommunicationdevice; or an indication of another computer system for providing to thetelecommunication device an indication of a telecommunication devicecontrol system for use by the telecommunication device. Thecomputer-readable medium may be a storage device such as a solid-statememory, hard-disk drive, CD-ROM or DVD-ROM. The methods described may becarried out by a computer program.

The computer system may be a single computer or a plurality of computerson a network. The telecommunication device control system may be asingle computer, a plurality of computers on a network or a bespokehardware configuration.

Advantageous features are set-out below any may be included in any ofthe aspects of the present invention set-out above.

The telecommunication device may comprise an Internet Protocol telephoneor video telephone.

The telecommunication device control system may comprise a PBX.

The telecommunication device identifier may comprise an indication ofthe location of the telecommunication device. The indication of thelocation of the telecommunication device may be used by the computersystem to select the indication of a telecommunication device controlsystem for use by the telecommunication device to output, the indicationof a gateway usable to reach the telecommunication device control systemfor use by the telecommunication device; or the indication of anothercomputer system for providing to the telecommunication device anindication of a telecommunication device control system for use by thetelecommunication device.

The telecommunication device identifier may comprise one or more from alist comprising: a hardware identifier, such as a MAC address or serialnumber, and optionally a password; a user-supplied username, andoptionally a password; an identifier provided by a smart card or abiometric reader, and optionally a password.

The indication of a telecommunication device control system for use bythe telecommunication device, the indication of a gateway usable toreach the telecommunication device control system for use by thetelecommunication device and/or the indication of another computersystem for providing to the telecommunication device an indication of atelecommunication device control system for use by the telecommunicationdevice may comprise an Internet Protocol address.

The indication of a telecommunication device control system for use bythe telecommunication device, the indication of a gateway usable toreach the telecommunication device control system for use by thetelecommunication device and/or the indication of another computersystem for providing to the telecommunication device an indication of atelecommunication device control system for use by the telecommunicationdevice may comprise a domain name system name.

The computer system may be configured to verify the telecommunicationdevice identifier. The computer system may be configured to generate anindication that the telecommunication device identifier is notrecognised if the telecommunication device identifier is not recognisedfollowing the verification.

The computer system may be configured to generate a token to identify auser of the telecommunication device. The token may be human-readable.The token may comprise one or more check digits. The computer system maybe configured to request the user to enter the token. The computersystem may be configured to provide an indication to thetelecommunication device for a user of the telecommunication device toenter the token following the generation of an indication that thetelecommunication device identifier is not recognised. The computersystem may be configured to receive the token from the telecommunicationdevice. The computer system may be configured to bind with thetelecommunication device identifier following receipt of the token andthe telecommunication device identifier from the telecommunicationdevice: the user's account; or the indication of the telecommunicationdevice control system; or the indication of the gateway usable to reachthe telecommunication device control system. The telecommunicationdevice may be configured to receive an indication that thetelecommunication device identifier is not recognised by the computersystem. The telecommunication device may be configured to request a userto enter a token following receipt of an indication that thetelecommunication device identifier is not recognised by the computersystem. The telecommunication device may be configured to output thetoken to the computer system after the token has been entered. Thecomputer system may be configured to receive the token from thetelecommunication device.

The telecommunication device may be further configured such that onreceiving an indication of another computer system for providing to thetelecommunication device an indication of a telecommunication devicecontrol system for use by the telecommunication device, thetelecommunication device outputs to the another computer system, via theInternet, a telecommunication device identifier to identify thetelecommunication device.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will be described in more detail, by way of example, withreference to the accompanying drawings, in which:

FIGS. 1, 2 and 3 (prior art) are schematic diagrams of knowntelecommunication networks;

FIG. 4 is a schematic diagram of a telecommunication device, computersystem and telecommunication network embodying an aspect of the presentinvention;

FIG. 5 is a flow diagram illustrating the operation of thetelecommunication network of FIG. 4; and

FIG. 6 is a schematic diagram of a telecommunication device, computersystem and telecommunication network of another embodiment of an aspectof the present invention.

DETAILED DESCRIPTION

Embodiments of the invention will now be described with reference firstto FIGS. 4 and 5.

FIG. 4 illustrates a telecommunication network 20 for configuring atelecommunication device in the form of an IP telephone 11 and makingand controlling communication connections between telecommunicationdevices such as other IP telephones (not shown). The telecommunicationnetwork includes the telecommunication device or IP telephone 11, acomputer system for providing to the telecommunication device anindication of a telecommunication device control system for use by thetelecommunication device in the form of provisioning server (PS) 41, anda telecommunication device control system in the form of PBX 12. Thetelecommunication device control system makes and controls communicationconnections between the IP telephone 11 and other telecommunicationdevices or IP telephones. All of these components are connected via theInternet 10.

The provisioning server 41 is created on the public Internet. Typically,it is not run by the organisation or company owning the IP telephone 11or the IP PBX 12. They may be run by the manufacturer of the IPtelephones, or by an independent organisation. They are trusted by theIP telephones to provide the necessary information to reach the PBX or agateway belonging to the company that owns the IP telephone. The IPtelephone 11 locates a provisioning server 41 using any of the methodsdescribed below such as resolving a well-known name using a DNS server31. The provisioning server then provides information to the telephonein order for it to connect to the correct PBX 12.

In summary, as illustrated in the flow diagram 100 of FIG. 5 and withreference to FIG. 4, the telecommunication device or IP telephone 11, oninitiation, during booting or start-up, outputs to the computer systemor provisioning server 41, via the Internet 10, a telecommunicationdevice identifier to identify the telecommunication device (step 102 ofFIG. 5). The computer system or provisioning server receives from thetelecommunication device or IP telephone, via the Internet, thetelecommunication device identifier (step 104 of FIG. 5). In response,it outputs to the telecommunication device or IP telephone, via theInternet, an indication of a telecommunication device control system orPBX for use by the telecommunication device (step 106 of FIG. 5). Theindication of the PBX is received from the computer system orprovisioning server at the IP telephone (step 108 of FIG. 5). In thisway, the telecommunication device control system or PBX is subsequentlyusable to make and control communication connections between thetelecommunication device or IP telephone and other telecommunicationdevices or IP telephones.

The provisioning server may be a single computer or a plurality ofcomputers on a network. The PBX may also be a single computer or aplurality of computers on a network or it may be implemented indedicated hardware.

In more detail, the start-up or initiation procedure of the IP telephone11 or telecommunication device is as follows.

When initially plugged in to an Ethernet socket, the IP telephony device11 obtains standard IP configuration from the local network to which itis connected, for instance using DHCP or IPv6 RS messages.

The IP telephone 11 then discovers the IP address of a provisioningserver 41. This may be done using several methods as set-out below.

For example, standard IP configuration may provide the location of a DNSservice. DNS is used to resolve a well-known name to an IP address.Alternatively, the same DNS mechanism may be used, but the DNS servermay use the IP address of the IP telephone 11 to enable it to respondwith the geographically nearest provisioning server. Alternatively, theDNS server may be given an Anycast address and may be configured toreply with the geographically nearest provisioning server. Anycast is anetwork addressing and routing system in which data is routed to thetopologically nearest node of a group identified by the same address.Alternatively, the provisioning server may be given an Anycast addressand the IP telephone may be preconfigured to know this address.

The IP telephone 11 then establishes a communication connection with theprovisioning server 41 using this IP address. Communications via thiscommunication connection may be encrypted using public-key cryptographyin order to protect the identity of the IP telephone, the user and theIP PBX 12.

The IP telephone then supplies identification information in the form ofa telecommunication device identifier to identify the telecommunicationdevice to the provisioning 41 server. This may take several forms, suchas: a hardware identifier, such as a Media Access Control (MAC) address,digital certificate or serial number and optionally a password; or asoftware identifier such as a user-supplied username or email addressand optionally a password, or an identifier (and optionally a password)provided by a smart card or a biometric reader.

The provisioning server 41 then looks up the identification informationsupplied by the user to determine the possible addresses of the PBXassociated with that device or user.

If the request from the IP telephone 11 is authenticated then it checksthat the authentication matches. This may be carried out locally by theprovisioning server, or it may delegate that operation to the PBX oranother device by establishing a communication connection and requestingauthentication. In one possible arrangement, the look-up isauthenticated using a digital certificate and the provisioning server 41checks that the certificate is valid.

As mentioned above, when the IP telephone 11 first contacts theprovisioning server 41, it presents either a software identification(ID) (for example, username or email address) or a hardwareidentification (ID) (for example, a MAC address or a digitalcertificate). The provisioning server is preconfigured with the ID andthe associated PBX 12 for it to respond by a user typing in the relevantinformation. In the case of a hardware ID, this manual data entry isprone to user error because, for example, a MAC address is 12hexadecimal digits and has no check digit or checksum thus it is easyfor a user to make a data entry error by, for example, typing 8 insteadof B or 0 instead of C.

An arrangement to address this problem is described below.

In this arrangement, an administrator configures a user account on theprovisioning server 41 and the provisioning server generates a tokenwhich identifies a user of a telecommunication device or IP telephone.In this example, the token is a human-readable (for example, it containsonly decimal digits) and long (for example, it contains 8 or moredigits, or 12 or more digits, but preferably 12 digits). The tokenincludes one or more check digits to identify whether it is a validtoken. The token is sent to the user by secure means (for example, byinternal email or post).

With this arrangement, when the IP telephone 11 boots or is initiatedand makes a request using its hardware ID, the provisioning server 41verifies or validates the request and if it does not recognise therequest it responds with an indication accordingly to the IP telephonethat it does not know the ID. The IP telephone then indicates to theuser or makes a request to the user (typically, on its display) to enterthe token. Once the user has entered the token typically using the IPtelephone's keypad, the telephone sends the token and the hardware ID tothe provisioning server which receives the token, validates the token,identifies the user, and then automatically binds or links that hardwareID with that user for future requests by binding the telecommunicationdevice identifier to the user account or PBX for which the token wasissued. Alternatively, the token may be time-limited and/or single-useonly (for the first configuration only).

Once the provisioning server 41 has received a valid ID or token, itreturns to the requesting device (IP telephone 11) the IP address of thetarget PBX or a gateway which may be used to reach the target PBX.Alternatively, the provisioning server may return the domain name systemname of the target PBX or a gateway usable to reach the target PBX. Inother words, it outputs to the telecommunication device or IP telephone,via the Internet, an indication of a telecommunication device controlsystem or PBX for use by the telecommunication device or an indicationof a gateway to reach them or an indication of another provisioningserver to which the device should repeat the request as described belowwith reference to the embodiment of FIG. 6.

The provisioning server 41 may be provided with geographical or locationinformation about the requesting IP telephone 11. This may be obtainedusing several methods, such as: geographical knowledge by theprovisioning server 41 of public IP address allocations (that is to say,it uses the IP address of the IP telephone to determine the telephone'slocation); latitude/longitude provided in the request from the IPtelephone (which may be retrieved by a global positioning system (GPS)receiver in the device, for example); or indications or identities (IDs)of local wireless networks or cell towers (mobile telecommunicationsmasts) within range of the requesting device as provided by the devicein the request.

This extra information may be used by the provisioning server 41 toallow the requesting IP telephone 11 to be directed to the nearestentry-point into the target PBX's network. This may be a localconnection to a distributed PBX, or may be a local gateway to thenetwork of the customer.

IP telephone 11 may also verify the trust of the provisioning server 41in order to avoid unexpected connection to an attackers gateway whichcould be used to intercept calls. This trust is typically achieved usingpublic key cryptography.

Typically, an IP telephone 11 encrypts the channel over whichprovisioning information is carried. This prevents leakage ofinformation such as the username of the connecting telephone. Leakage ofthis information could reveal the association between a person and acompany or organisation. This trust may be established using a mechanismsuch as secure sockets layer (SSL) utilising the public key cryptographyused to identify the provisioning server 41 as a trust mechanism.

FIG. 6 illustrates another embodiment of the present invention. It issimilar in many respects to the embodiment of FIG. 4 and like featureshave been given like reference numerals.

In the embodiment of FIG. 6, like the arrangement of FIG. 4, the IPtelephone 11 locates a provisioning server 41 using any of the methodsdescribed above such as resolving a well-known name using a DNS server31. In contrast to the arrangement of FIG. 4, in the arrangement of FIG.6, the provisioning server 41 then redirects the provisioning process toanother provisioning server 51 which provides information to the IPtelephone in order for it to connect to the correct PBX 12. Thus, anindication of another computer system for providing to thetelecommunication device an indication of a telecommunication devicecontrol system for use by the telecommunication device is provided tothe IP telephone.

In other words, in the example of FIG. 6, the provisioning server 41 maychoose to delegate the provisioning process to a sub-provisioning server(SPS) 51 to which it is in communication connection via the Internet 10.In this case, the initial provisioning server 41 instructs the IPtelephone 11 to disconnect from the initial provisioning server theninstead connect to the sub-provisioning server. This process may berepeated. In this way, instead of sending out an indication of atelecommunications device control system or gateway usable to reach thetelecommunications device control system being output in response to aprovisioning server receiving a telecommunication device identifier, anidentifier or indicator of a delegated provisioning server or system maybe output to the IP telephone 11. When the telephone receives theidentifier of a delegated provisioning server or system, it restarts theprovisioning process described above with this new system.Sub-provisioning servers may themselves each delegate to anothersub-provisioning server. The ownership of the sub-provisioning serversmay differ from the ownership of the initial provisioning server. Asub-provisioning server may be owned by the organisation that owns anassociated PBX or group of PBXs.

The system described has an initial provisioning server 41 that containsa database associating the identity of the IP telephone 11 with theaddress of either the PBX 12 to which the telephone needs to connect, orthe address of a sub-provisioning server 51.

As in the arrangement of FIG. 4, in the arrangement of FIG. 6, thetelephone 11 is identified by a hardware identifier (MAC address orserial number) or a username or a digital certificate. In the case of ahardware identifier, a company or organisation may register theirhardware identifiers with a central configuration database, providingthe PBX or SPS address to configure the provisioning server.

Interception attacks may be prevented by only allowing a hardwareidentifier to be registered once without intervention from a humanadministrator. Hardware identifiers may also be registered andassociated with a customer account by the manufacturer or distributor ofthe IP telephone 11.

In the case of a username as an identifier for an IP telephone 11, thename may be of a fixed format such as an email address. The name may bepattern matched (such as choosing the domain part of an email address)to identify the PBX or SPS address.

In the case of a digital certificate as an identifier for an IPtelephone 11, the Common Name or some other known identifier in thecertificate may be used in a similar fashion to the username casedescribed above.

If more than one PBX 12 or SPS 51 is registered with a PS 41 or SPS 51for a particular telephone identity, then the PS or SPS may decide basedon geographical location information contained within the configurationrequest as to which PBX or SPS is returned in the configurationresponse.

An IP telephone 11 utilising the provisioning features described herein,which was owned by managed offices could offer temporary connection to acorporate PBX via that telephone as part of an office rental in otherword a public hot-desking arrangement.

For example, an employee of a company or organisation may rent an officefor a short period, that rental including use of a telephone 11 usingthe provisioning mechanism described above. The employee may thenconnect to the company's telecommunications system by identifyingthemselves using a hardware token such as a smart card or credentialssuch as a username and password. That telephone is then directed toconnect to the company's telephone system and takes on thecharacteristics assigned by that company for the duration of the usersresidence in the rented office.

Embodiments of the present invention have been described. It will beappreciated that variations and modifications may be made to thedescribed embodiments within the scope of the present invention. Forexample, while embodiments have been described with reference to atelecommunication device in the form of an IP telephone, thetelecommunication device may be an IP video telephone or videophone.

What is claimed is:
 1. A first computer system for providing to atelecommunication device a first indication of a telecommunicationdevice control system for use by the telecommunication device, the firstcomputer system being configured to connect to the Internet, the firstcomputer system comprising: at least one hardware processor configuredto: receive from the telecommunication device, via the Internet, atelecommunication device identifier to identify the telecommunicationdevice; select the telecommunication device control system for use bythe telecommunication device, wherein the telecommunication deviceestablishes communication control between the telecommunication deviceand other telecommunication devices; and output to the telecommunicationdevice, via the Internet, in response to the telecommunication deviceidentifier: the first indication of the telecommunication device controlsystem for use by the telecommunication device; or a second indicationof a gateway usable to reach the telecommunication device control systemfor use by the telecommunication device; or a third indication of asecond computer system for providing to the telecommunication device afourth indication of a telecommunication device control system for useby the telecommunication device, wherein the at least one hardwareprocessor is further configured to: verify the telecommunication deviceidentifier; in response to determining that the telecommunication deviceidentifier is not recognised following the verification: generate afifth indication that the telecommunication device identifier is notrecognised; generate a token to identify a user of the telecommunicationdevice; provide a sixth indication to the telecommunication device for auser of the telecommunication device to enter the token following thegeneration of the fifth indication that the telecommunication deviceidentifier is not recognized; receive the token from thetelecommunication device; and following receipt of the token and thetelecommunication device identifier from the telecommunication device,bind with the telecommunication device identifier one of: the user'saccount; or the first indication of the telecommunication device controlsystem; or the second indication of the gateway usable to reach thetelecommunication device control system.
 2. The first computer systemaccording to claim 1, wherein the telecommunication device comprises anInternet Protocol telephone or video telephone.
 3. The first computersystem according to claim 1, wherein the telecommunication devicecontrol system comprises a private branch exchange (PBX).
 4. The firstcomputer system according to claim 1, wherein the telecommunicationdevice identifier comprises an eighth indication of a location of thetelecommunication device.
 5. The first computer system according toclaim 4, wherein the at least one hardware processor is furtherconfigured to use the eighth indication of the location of thetelecommunication device to select the first indication of atelecommunication device control system for use by the telecommunicationdevice to output, the second indication of a gateway usable to reach thetelecommunication device control system for use by the telecommunicationdevice; or the third indication of the second computer system forproviding to the telecommunication device the fourth indication of atelecommunication device control system for use by the telecommunicationdevice.
 6. The first computer system according to claim 1, wherein thetelecommunication device identifier comprises one or more of: a hardwareidentifier, such as a MAC address or serial number, and optionally apassword; a user-supplied username, and optionally a password; or anidentifier provided by a smart card or a biometric reader, andoptionally a password.
 7. The first computer system according to claim1, wherein the first indication of a telecommunication device controlsystem for use by the telecommunication device, the second indication ofa gateway usable to reach the telecommunication device control systemfor use by the telecommunication device and/or the third indication ofthe second computer system for providing to the telecommunication devicethe fourth indication of a telecommunication device control system foruse by the telecommunication device comprises an Internet Protocoladdress.
 8. The first computer system according to claim 1, wherein thefirst indication of a telecommunication device control system for use bythe telecommunication device, the second indication of a gateway usableto reach the telecommunication device control system for use by thetelecommunication device and/or the third indication of the secondcomputer system for providing to the telecommunication device the fourthindication of a telecommunication device control system for use by thetelecommunication device comprises a domain name system name.
 9. Thefirst computer system according to claim 1, wherein the token comprisesat least one of eight or twelve digits.
 10. The first computer systemaccording to claim 1, wherein the token comprises one or more checkdigits.
 11. A first computer system for providing to a telecommunicationdevice a first indication of a telecommunication device control systemfor use by the telecommunication device, the first computer system beingconfigured to connect to the Internet, the first computer systemcomprising: at least one hardware processor configured to: receive fromthe telecommunication device, via the Internet, a telecommunicationdevice identifier to identify the telecommunication device; select thetelecommunication device control system for use by the telecommunicationdevice, wherein the telecommunication device determines communicationcontrol between the telecommunication device and other telecommunicationdevices; and output to the telecommunication device, via the Internet,in response to the telecommunication device identifier: the firstindication of a telecommunication device control system for use by thetelecommunication device; or a second indication of a gateway usable toreach the telecommunication device control system for use by thetelecommunication device; or a third indication of a second computersystem for providing to the telecommunication device a fourth indicationof a telecommunication device control system for use by thetelecommunication device, wherein the telecommunication deviceidentifier comprises a fifth indication of a geographical location ofthe telecommunication device, and wherein the at least one hardwareprocessor is further configured to use the fifth indication of thegeographical location of the telecommunication device to select thefirst indication of a telecommunication device control system for use bythe telecommunication device to output, the second indication of agateway usable to reach the telecommunication device control system foruse by the telecommunication device; or the third indication of thesecond computer system for providing to the telecommunication device thefourth indication of a telecommunication device control system for useby the telecommunication device, and in response to determining that thetelecommunication device identifier is not recognized, generate a sixthindication that the telecommunication device is not recognized andgenerate a token to identify a user of the telecommunication device. 12.A telecommunication device for receiving a first indication of atelecommunication device control system for use by the telecommunicationdevice, the telecommunication device being configured to connect to theInternet, the telecommunication device comprising: at least one hardwareprocessor configured to on initiation: output to a second computersystem, via the Internet, a telecommunication device identifier toidentify the telecommunication device; select the telecommunicationdevice control system for use by the telecommunication device, whereinthe telecommunication device establishes communication control betweenthe telecommunication device and other telecommunication devices; andreceive from the second computer system, via the Internet, in responseto the output of the telecommunication device identifier: the firstindication of a telecommunication device control system for use by thetelecommunication device; or a second indication of a gateway usable toreach the telecommunication device control system for use by thetelecommunication device; or a third indication of a third computersystem for providing to the telecommunication device a fourth indicationof a telecommunication device control system for use by thetelecommunication device, and in response to determining that thetelecommunication device identifier is not recognized, generate a fifthindication that the telecommunication device is not recognized andgenerate a token to identify a user of the telecommunication device;wherein the telecommunication device identifier comprises a sixthindication of a geographical location of the telecommunication device,wherein the sixth indication of the geographical location of thetelecommunication device is used by a first computer system to selectthe first indication of the telecommunication device control system foruse by the telecommunication device, the second indication of a gatewayusable to reach the telecommunication device control system for use bythe telecommunication device; or the third indication of the thirdcomputer system for providing to the telecommunication device the fourthindication of the telecommunication device control system for use by thetelecommunication device to output.